Vulnerabilities > Jenkins > Jenkins > 1.308
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-26 | CVE-2017-1000401 | Improper Input Validation vulnerability in Jenkins The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. | 1.2 |
2018-01-26 | CVE-2017-1000400 | Missing Authorization vulnerability in Jenkins The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. | 4.0 |
2018-01-26 | CVE-2017-1000399 | Information Exposure vulnerability in Jenkins The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). | 4.0 |
2018-01-26 | CVE-2017-1000398 | Information Exposure vulnerability in Jenkins The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. | 4.0 |
2018-01-26 | CVE-2017-1000396 | Improper Certificate Validation vulnerability in Jenkins Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. | 4.3 |
2018-01-26 | CVE-2017-1000395 | Information Exposure vulnerability in Jenkins Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. | 4.0 |
2018-01-26 | CVE-2017-1000394 | Improper Input Validation vulnerability in Jenkins Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. | 5.0 |
2018-01-26 | CVE-2017-1000393 | OS Command Injection vulnerability in Jenkins Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. | 9.0 |
2018-01-26 | CVE-2017-1000392 | Cross-site Scripting vulnerability in Jenkins Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters. | 3.5 |
2018-01-26 | CVE-2017-1000391 | Improper Input Validation vulnerability in Jenkins Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. | 4.9 |